
Please Analyze: Getting Pop-ups from "AxView"



For the last two weeks I've been getting pop-ups that say "Authentication Requested".

It asks for a user name and password. It says the request is coming from "AxView".

I always close the window but it keeps coming back.

Have run multiple scans with MBAM with no detections.

(HJT logfile attached)

Please advise.

Thank You. :)


Welcome to the forum, HJT isn't used any more...please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs.

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options)

Post back the report.

MrC


Thank you, MrCharlie, for replying to my post.

Here are the DDS logs:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Scott at 19:21:21 on 2012-04-24

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1471.830 [GMT -5:00]

.

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HsfXAudioService

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\Zune\ZuneLauncher.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files (x86)\Nero\Nero 7\Nero PhotoShow 4\data\Xtras\mssysmgr.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [Nero PhotoShow Media Manager] C:\PROGRA~2\Nero\NERO7~1\NEROPH~2\data\Xtras\mssysmgr.exe

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Scott\Desktop\PartyPoker.lnk

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

TCP: Interfaces\{B11A958E-3007-46C8-AE62-BEC6BF778EB7} : DhcpNameServer = 192.168.0.1 205.171.3.25

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Scott\Desktop\PartyPoker.lnk

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\p64mlj5p.default\

FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-9 654408]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-8-10 227184]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 CAXHWBS2;CAXHWBS2;C:\Windows\system32\DRIVERS\CAXHWBS2.sys --> C:\Windows\system32\DRIVERS\CAXHWBS2.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-10-24 2391832]

S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-15 253088]

S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;C:\Windows\system32\Drivers\ssadadb.sys --> C:\Windows\system32\Drivers\ssadadb.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 VST64_DPV;VST64_DPV;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 VST64HWBS2;VST64HWBS2;C:\Windows\system32\DRIVERS\VSTBS26.SYS --> C:\Windows\system32\DRIVERS\VSTBS26.SYS [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

.

=============== Created Last 30 ================

.

2012-04-21 12:55:20 -------- d-----w- C:\Users\Scott\AppData\Local\ElevatedDiagnostics

2012-04-15 09:50:03 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-12 08:36:09 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-04-12 08:36:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-04-12 08:36:08 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-04-12 08:35:23 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 08:35:22 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 08:35:22 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 08:35:21 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 08:35:21 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 08:35:21 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 08:35:21 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-11 13:24:42 -------- d-----w- C:\Users\Scott\AppData\Local\Apps

2012-04-11 13:21:27 -------- d-----w- C:\Users\Scott\AppData\Roaming\FastStone

2012-04-11 13:20:17 -------- d-----w- C:\Program Files (x86)\FastStone Image Viewer

.

==================== Find3M ====================

.

2012-04-15 09:50:03 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-20 15:16:39 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-02-17 06:38:27 1112064 ----a-w- C:\Windows\System32\rdpcorets.dll

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-16 11:53:00 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-02-16 11:53:00 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-02-16 11:53:00 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-02-16 11:53:00 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 19:22:28.13 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 11/24/2011 6:09:51 AM

System Uptime: 4/24/2012 6:38:33 PM (1 hours ago)

.

Motherboard: ASUSTek Computer INC. | | NAGAMI2L

Processor: AMD Athlon 64 Processor 3500+ | Socket 939 | 2200/199mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 104 GiB total, 77.022 GiB free.

D: is FIXED (FAT32) - 8 GiB total, 0.479 GiB free.

E: is CDROM ()

F: is CDROM ()

G: is Removable

H: is Removable

I: is Removable

J: is Removable

K: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description:

Device ID: ACPI\AWY0001\2&DABA3FF&1

Manufacturer:

Name:

PNP Device ID: ACPI\AWY0001\2&DABA3FF&1

Service:

.

==== System Restore Points ===================

.

RP51: 4/12/2012 3:32:17 AM - Windows Update

RP52: 4/12/2012 10:02:46 PM - Windows Update

RP53: 4/14/2012 11:26:07 PM - Installed HiJackThis

RP54: 4/15/2012 1:39:56 AM - Installed HiJackThis

RP55: 4/24/2012 4:03:33 AM - Removed HiJackThis

RP56: 4/24/2012 4:08:10 AM - Installed HiJackThis

RP57: 4/24/2012 4:42:11 AM - Removed HiJackThis

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Auslogics Disk Defrag

DVD Shrink 3.2

FastStone Image Viewer 4.6

Java Auto Updater

Java 6 Update 31

K-Lite Codec Pack 7.0.0 (Standard)

LG USB Modem Driver

Macromedia Flash Player 8

Malwarebytes Anti-Malware version 1.61.0.1400

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MotoHelper 2.0.53 Driver 5.2.0

MotoHelper MergeModules

Mozilla Firefox 11.0 (x86 en-US)

MP3 Rocket

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

Nero PhotoShow Express 4

OpenAL

PartyPoker

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

swMSM

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Visual Studio 2008 x64 Redistributables

VLC media player 1.1.11

.

==== Event Viewer Messages From Past Week ========

.

4/23/2012 3:43:40 PM, Error: Microsoft-Windows-Eventlog [23] - The event logging service encountered an error (res=32) while initializing logging resources for channel Microsoft-Windows-Known Folders API Service.

4/22/2012 6:13:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

4/22/2012 6:13:12 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.

4/22/2012 6:13:12 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

4/19/2012 5:40:37 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

4/19/2012 5:40:37 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.

.

==== End Of File ===========================

Thank you for your assistance. :)


RK log:

RogueKiller V7.3.3 [04/22/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Scott [Admin rights]

Mode: Scan -- Date: 04/24/2012 19:43:53

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowDownloads (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowVideos (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST312021 3AS SCSI Disk Device +++++

--- User ---

[MBR] e1ca38b1a169bd73b3f87feefdefc78b

[bSP] 66ea49a97b20ef3eecde3787a2414395 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 106068 Mo

1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 217244160 | Size: 8394 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1].txt >>



Please don't delete anything unless I instruct you to.

-------------------------------------

Please make sure system restore is running and create a new restore point before continuing.

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


TDSS Killer log:

20:04:49.0588 1164 TDSS rootkit removing tool 2.7.32.0 Apr 23 2012 19:12:34

20:04:50.0129 1164 ============================================================

20:04:50.0129 1164 Current date / time: 2012/04/24 20:04:50.0129

20:04:50.0129 1164 SystemInfo:

20:04:50.0129 1164

20:04:50.0130 1164 OS Version: 6.1.7601 ServicePack: 1.0

20:04:50.0130 1164 Product type: Workstation

20:04:50.0130 1164 ComputerName: SCOTT-PC

20:04:50.0131 1164 UserName: Scott

20:04:50.0131 1164 Windows directory: C:\Windows

20:04:50.0131 1164 System windows directory: C:\Windows

20:04:50.0131 1164 Running under WOW64

20:04:50.0131 1164 Processor architecture: Intel x64

20:04:50.0131 1164 Number of processors: 1

20:04:50.0131 1164 Page size: 0x1000

20:04:50.0131 1164 Boot type: Normal boot

20:04:50.0131 1164 ============================================================

20:04:50.0648 1164 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

20:04:50.0870 1164 ============================================================

20:04:50.0870 1164 \Device\Harddisk0\DR0:

20:04:50.0881 1164 MBR partitions:

20:04:50.0881 1164 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCF2A6B1

20:04:50.0881 1164 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xCF2E200, BlocksNum 0x1065210

20:04:50.0881 1164 ============================================================

20:04:50.0902 1164 C: <-> \Device\Harddisk0\DR0\Partition0

20:04:50.0929 1164 D: <-> \Device\Harddisk0\DR0\Partition1

20:04:50.0930 1164 ============================================================

20:04:50.0930 1164 Initialize success

20:04:50.0930 1164 ============================================================

20:05:21.0298 3040 ============================================================

20:05:21.0298 3040 Scan started

20:05:21.0299 3040 Mode: Manual; SigCheck; TDLFS;

20:05:21.0299 3040 ============================================================


20:05:31.0837 3040 clr_optimization_v4.0.30319_64 - ok

20:05:31.0900 3040 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

20:05:31.0931 3040 CmBatt - ok

20:05:31.0973 3040 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

20:05:31.0990 3040 cmdide - ok

20:05:32.0053 3040 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

20:05:32.0104 3040 CNG - ok

20:05:32.0140 3040 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

20:05:32.0157 3040 Compbatt - ok

20:05:32.0209 3040 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

20:05:32.0247 3040 CompositeBus - ok

20:05:32.0273 3040 COMSysApp - ok

20:05:32.0315 3040 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

20:05:32.0333 3040 crcdisk - ok

20:05:32.0410 3040 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

20:05:32.0474 3040 CryptSvc - ok

20:05:32.0534 3040 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

20:05:32.0598 3040 CSC - ok

20:05:32.0820 3040 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

20:05:32.0877 3040 CscService - ok

20:05:32.0945 3040 dc3d (1ca90212a99db6975c344826d11055c9) C:\Windows\system32\DRIVERS\dc3d.sys

20:05:32.0957 3040 dc3d - ok

20:05:33.0041 3040 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:05:33.0107 3040 DcomLaunch - ok

20:05:33.0153 3040 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

20:05:33.0219 3040 defragsvc - ok

20:05:33.0278 3040 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

20:05:33.0347 3040 DfsC - ok

20:05:33.0417 3040 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

20:05:33.0483 3040 Dhcp - ok

20:05:33.0527 3040 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

20:05:33.0593 3040 discache - ok

20:05:33.0648 3040 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

20:05:33.0663 3040 Disk - ok

20:05:33.0854 3040 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

20:05:33.0925 3040 Dnscache - ok

20:05:33.0990 3040 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

20:05:34.0070 3040 dot3svc - ok

20:05:34.0126 3040 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

20:05:34.0193 3040 DPS - ok

20:05:34.0235 3040 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

20:05:34.0273 3040 drmkaud - ok

20:05:34.0365 3040 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

20:05:34.0402 3040 DXGKrnl - ok

20:05:34.0441 3040 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

20:05:34.0507 3040 EapHost - ok

20:05:34.0831 3040 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

20:05:34.0907 3040 ebdrv - ok

20:05:35.0016 3040 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

20:05:35.0084 3040 EFS - ok

20:05:35.0183 3040 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

20:05:35.0257 3040 ehRecvr - ok

20:05:35.0297 3040 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

20:05:35.0333 3040 ehSched - ok

20:05:35.0433 3040 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

20:05:35.0478 3040 elxstor - ok

20:05:35.0525 3040 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

20:05:35.0558 3040 ErrDev - ok

20:05:35.0648 3040 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

20:05:35.0863 3040 EventSystem - ok

20:05:35.0904 3040 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

20:05:35.0970 3040 exfat - ok

20:05:36.0023 3040 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

20:05:36.0098 3040 fastfat - ok

20:05:36.0195 3040 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

20:05:36.0305 3040 Fax - ok

20:05:36.0341 3040 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

20:05:36.0379 3040 fdc - ok

20:05:36.0428 3040 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

20:05:36.0503 3040 fdPHost - ok

20:05:36.0546 3040 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:05:36.0609 3040 FDResPub - ok

20:05:36.0650 3040 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:05:36.0666 3040 FileInfo - ok

20:05:36.0822 3040 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:05:36.0890 3040 Filetrace - ok

20:05:36.0918 3040 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:05:36.0941 3040 flpydisk - ok

20:05:37.0006 3040 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:05:37.0039 3040 FltMgr - ok

20:05:37.0137 3040 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:05:37.0223 3040 FontCache - ok

20:05:37.0341 3040 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:05:37.0362 3040 FontCache3.0.0.0 - ok

20:05:37.0424 3040 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:05:37.0445 3040 FsDepends - ok

20:05:37.0490 3040 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:05:37.0504 3040 Fs_Rec - ok

20:05:37.0565 3040 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:05:37.0606 3040 fvevol - ok

20:05:37.0649 3040 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:05:37.0665 3040 gagp30kx - ok

20:05:37.0871 3040 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:05:37.0962 3040 gpsvc - ok

20:05:37.0998 3040 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:05:38.0058 3040 hcw85cir - ok

20:05:38.0136 3040 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

20:05:38.0189 3040 HdAudAddService - ok

20:05:38.0243 3040 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:05:38.0288 3040 HDAudBus - ok

20:05:38.0331 3040 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:05:38.0361 3040 HidBatt - ok

20:05:38.0393 3040 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:05:38.0445 3040 HidBth - ok

20:05:38.0490 3040 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:05:38.0527 3040 HidIr - ok

20:05:38.0570 3040 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

20:05:38.0633 3040 hidserv - ok

20:05:38.0822 3040 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:05:38.0842 3040 HidUsb - ok

20:05:38.0886 3040 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:05:38.0966 3040 hkmsvc - ok

20:05:39.0013 3040 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:05:39.0081 3040 HomeGroupListener - ok

20:05:39.0137 3040 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:05:39.0203 3040 HomeGroupProvider - ok

20:05:39.0246 3040 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:05:39.0262 3040 HpSAMD - ok

20:05:39.0361 3040 HsfXAudioService (447256d1c026654c5cd3cc17e7b20631) C:\Windows\SysWOW64\XAudio64.dll

20:05:39.0411 3040 HsfXAudioService - ok

20:05:39.0522 3040 HSF_DP (64667d9808fd09fabedccf62e8f52662) C:\Windows\system32\DRIVERS\CAX_DP.sys

20:05:39.0595 3040 HSF_DP - ok

20:05:39.0908 3040 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:05:39.0998 3040 HTTP - ok

20:05:40.0044 3040 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:05:40.0058 3040 hwpolicy - ok

20:05:40.0128 3040 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:05:40.0155 3040 i8042prt - ok

20:05:40.0226 3040 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:05:40.0261 3040 iaStorV - ok

20:05:40.0418 3040 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:05:40.0489 3040 idsvc - ok

20:05:40.0523 3040 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:05:40.0541 3040 iirsp - ok

20:05:40.0625 3040 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:05:40.0840 3040 IKEEXT - ok

20:05:40.0986 3040 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys

20:05:41.0078 3040 IntcAzAudAddService - ok

20:05:41.0230 3040 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:05:41.0256 3040 intelide - ok

20:05:41.0310 3040 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:05:41.0344 3040 intelppm - ok

20:05:41.0391 3040 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:05:41.0467 3040 IPBusEnum - ok

20:05:41.0525 3040 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:05:41.0597 3040 IpFilterDriver - ok

20:05:41.0664 3040 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

20:05:41.0862 3040 iphlpsvc - ok

20:05:41.0915 3040 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:05:41.0948 3040 IPMIDRV - ok

20:05:41.0985 3040 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:05:42.0059 3040 IPNAT - ok

20:05:42.0105 3040 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:05:42.0187 3040 IRENUM - ok

20:05:42.0234 3040 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:05:42.0248 3040 isapnp - ok

20:05:42.0307 3040 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:05:42.0338 3040 iScsiPrt - ok

20:05:42.0393 3040 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:05:42.0415 3040 kbdclass - ok

20:05:42.0461 3040 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

20:05:42.0486 3040 kbdhid - ok

20:05:42.0512 3040 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:05:42.0535 3040 KeyIso - ok

20:05:42.0562 3040 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

20:05:42.0583 3040 KSecDD - ok

20:05:42.0634 3040 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

20:05:42.0664 3040 KSecPkg - ok

20:05:42.0839 3040 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:05:42.0899 3040 ksthunk - ok

20:05:42.0958 3040 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:05:43.0035 3040 KtmRm - ok

20:05:43.0100 3040 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

20:05:43.0183 3040 LanmanServer - ok

20:05:43.0232 3040 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:05:43.0301 3040 LanmanWorkstation - ok

20:05:43.0354 3040 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:05:43.0419 3040 lltdio - ok

20:05:43.0487 3040 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:05:43.0568 3040 lltdsvc - ok

20:05:43.0597 3040 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:05:43.0645 3040 lmhosts - ok

20:05:43.0840 3040 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:05:43.0861 3040 LSI_FC - ok

20:05:43.0913 3040 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:05:43.0952 3040 LSI_SAS - ok

20:05:44.0010 3040 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:05:44.0041 3040 LSI_SAS2 - ok

20:05:44.0097 3040 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:05:44.0124 3040 LSI_SCSI - ok

20:05:44.0178 3040 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:05:44.0247 3040 luafv - ok

20:05:44.0328 3040 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

20:05:44.0348 3040 MBAMProtector - ok

20:05:44.0488 3040 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:05:44.0540 3040 MBAMService - ok

20:05:44.0583 3040 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:05:44.0629 3040 Mcx2Svc - ok

20:05:44.0801 3040 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

20:05:44.0844 3040 mdmxsdk - ok

20:05:44.0875 3040 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:05:44.0889 3040 megasas - ok

20:05:44.0940 3040 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:05:44.0967 3040 MegaSR - ok

20:05:45.0029 3040 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:05:45.0088 3040 MMCSS - ok

20:05:45.0117 3040 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:05:45.0180 3040 Modem - ok

20:05:45.0235 3040 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:05:45.0276 3040 monitor - ok

20:05:45.0321 3040 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys

20:05:45.0407 3040 motmodem - ok

20:05:45.0527 3040 MotoHelper (98a10ac4257a3ba48c9611338544ee49) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

20:05:45.0551 3040 MotoHelper - ok

20:05:45.0612 3040 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:05:45.0629 3040 mouclass - ok

20:05:45.0819 3040 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:05:45.0852 3040 mouhid - ok

20:05:45.0905 3040 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:05:45.0930 3040 mountmgr - ok

20:05:45.0983 3040 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:05:46.0024 3040 mpio - ok

20:05:46.0067 3040 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:05:46.0128 3040 mpsdrv - ok

20:05:46.0213 3040 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

20:05:46.0302 3040 MpsSvc - ok

20:05:46.0350 3040 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:05:46.0396 3040 MRxDAV - ok

20:05:46.0453 3040 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:05:46.0518 3040 mrxsmb - ok

20:05:46.0582 3040 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:05:46.0629 3040 mrxsmb10 - ok

20:05:46.0804 3040 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:05:46.0838 3040 mrxsmb20 - ok

20:05:46.0881 3040 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:05:46.0898 3040 msahci - ok

20:05:46.0948 3040 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:05:46.0970 3040 msdsm - ok

20:05:47.0021 3040 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:05:47.0066 3040 MSDTC - ok

20:05:47.0135 3040 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:05:47.0186 3040 Msfs - ok

20:05:47.0253 3040 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:05:47.0320 3040 mshidkmdf - ok

20:05:47.0355 3040 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:05:47.0369 3040 msisadrv - ok

20:05:47.0438 3040 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:05:47.0510 3040 MSiSCSI - ok

20:05:47.0528 3040 msiserver - ok

20:05:47.0577 3040 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:05:47.0636 3040 MSKSSRV - ok

20:05:47.0844 3040 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:05:47.0905 3040 MSPCLOCK - ok

20:05:47.0944 3040 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:05:48.0003 3040 MSPQM - ok

20:05:48.0058 3040 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:05:48.0091 3040 MsRPC - ok

20:05:48.0145 3040 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:05:48.0160 3040 mssmbios - ok

20:05:48.0207 3040 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:05:48.0272 3040 MSTEE - ok

20:05:48.0301 3040 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:05:48.0337 3040 MTConfig - ok

20:05:48.0376 3040 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:05:48.0395 3040 Mup - ok

20:05:48.0456 3040 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:05:48.0539 3040 napagent - ok

20:05:48.0600 3040 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:05:48.0667 3040 NativeWifiP - ok

20:05:48.0970 3040 NBService (2637f26312ecceeb6f110e95f1ece243) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

20:05:49.0047 3040 NBService ( UnsignedFile.Multi.Generic ) - warning

20:05:49.0047 3040 NBService - detected UnsignedFile.Multi.Generic (1)


20:06:03.0883 3040 SNMPTRAP - ok

20:06:03.0910 3040 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:06:03.0923 3040 spldr - ok

20:06:03.0991 3040 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:06:04.0060 3040 Spooler - ok

20:06:04.0258 3040 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:06:04.0472 3040 sppsvc - ok

20:06:04.0569 3040 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:06:04.0633 3040 sppuinotify - ok

20:06:04.0853 3040 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:06:04.0922 3040 srv - ok

20:06:04.0979 3040 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:06:05.0024 3040 srv2 - ok

20:06:05.0071 3040 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:06:05.0108 3040 srvnet - ok

20:06:05.0171 3040 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys

20:06:05.0229 3040 ssadbus - ok

20:06:05.0284 3040 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys

20:06:05.0335 3040 ssadmdfl - ok

20:06:05.0400 3040 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys

20:06:05.0451 3040 ssadmdm - ok

20:06:05.0508 3040 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:06:05.0592 3040 SSDPSRV - ok

20:06:05.0643 3040 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:06:05.0825 3040 SstpSvc - ok

20:06:05.0873 3040 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:06:05.0887 3040 stexstor - ok

20:06:05.0960 3040 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:06:06.0026 3040 stisvc - ok

20:06:06.0084 3040 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

20:06:06.0099 3040 storflt - ok

20:06:06.0137 3040 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

20:06:06.0152 3040 storvsc - ok

20:06:06.0180 3040 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:06:06.0208 3040 swenum - ok

20:06:06.0275 3040 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:06:06.0366 3040 swprv - ok

20:06:06.0404 3040 Synth3dVsc - ok

20:06:06.0532 3040 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:06:06.0812 3040 SysMain - ok

20:06:06.0926 3040 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:06:06.0975 3040 TabletInputService - ok

20:06:07.0024 3040 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:06:07.0106 3040 TapiSrv - ok

20:06:07.0147 3040 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:06:07.0222 3040 TBS - ok

20:06:07.0395 3040 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

20:06:07.0497 3040 Tcpip - ok

20:06:07.0897 3040 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

20:06:07.0982 3040 TCPIP6 - ok

20:06:08.0142 3040 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:06:08.0210 3040 tcpipreg - ok

20:06:08.0261 3040 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:06:08.0307 3040 TDPIPE - ok

20:06:08.0355 3040 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:06:08.0390 3040 TDTCP - ok

20:06:08.0458 3040 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:06:08.0519 3040 tdx - ok

20:06:08.0577 3040 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:06:08.0599 3040 TermDD - ok

20:06:08.0803 3040 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:06:08.0896 3040 TermService - ok

20:06:08.0936 3040 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:06:08.0980 3040 Themes - ok

20:06:09.0027 3040 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:06:09.0080 3040 THREADORDER - ok

20:06:09.0148 3040 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:06:09.0234 3040 TrkWks - ok

20:06:09.0311 3040 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:06:09.0392 3040 TrustedInstaller - ok

20:06:09.0443 3040 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:06:09.0509 3040 tssecsrv - ok

20:06:09.0559 3040 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:06:09.0609 3040 TsUsbFlt - ok

20:06:09.0626 3040 tsusbhub - ok

20:06:09.0817 3040 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:06:09.0892 3040 tunnel - ok

20:06:09.0933 3040 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:06:09.0952 3040 uagp35 - ok

20:06:10.0010 3040 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:06:10.0085 3040 udfs - ok

20:06:10.0142 3040 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:06:10.0184 3040 UI0Detect - ok

20:06:10.0230 3040 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:06:10.0247 3040 uliagpkx - ok

20:06:10.0297 3040 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

20:06:10.0340 3040 umbus - ok

20:06:10.0380 3040 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:06:10.0421 3040 UmPass - ok

20:06:10.0467 3040 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

20:06:10.0520 3040 UmRdpService - ok

20:06:10.0576 3040 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:06:10.0661 3040 upnphost - ok

20:06:10.0849 3040 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:06:10.0895 3040 usbccgp - ok

20:06:10.0937 3040 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:06:10.0978 3040 usbcir - ok

20:06:11.0026 3040 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

20:06:11.0053 3040 usbehci - ok

20:06:11.0119 3040 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:06:11.0159 3040 usbhub - ok

20:06:11.0204 3040 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

20:06:11.0246 3040 usbohci - ok

20:06:11.0290 3040 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:06:11.0338 3040 usbprint - ok

20:06:11.0390 3040 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:06:11.0435 3040 USBSTOR - ok

20:06:11.0477 3040 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:06:11.0519 3040 usbuhci - ok

20:06:11.0561 3040 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:06:11.0642 3040 UxSms - ok

20:06:11.0801 3040 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:06:11.0827 3040 VaultSvc - ok

20:06:11.0901 3040 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:06:11.0916 3040 vdrvroot - ok

20:06:11.0991 3040 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:06:12.0068 3040 vds - ok

20:06:12.0132 3040 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:06:12.0163 3040 vga - ok

20:06:12.0201 3040 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:06:12.0267 3040 VgaSave - ok

20:06:12.0295 3040 VGPU - ok

20:06:12.0357 3040 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:06:12.0384 3040 vhdmp - ok

20:06:12.0424 3040 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:06:12.0439 3040 viaide - ok

20:06:12.0492 3040 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

20:06:12.0526 3040 vmbus - ok

20:06:12.0569 3040 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

20:06:12.0605 3040 VMBusHID - ok

20:06:12.0648 3040 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:06:12.0664 3040 volmgr - ok

20:06:12.0857 3040 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:06:12.0888 3040 volmgrx - ok

20:06:12.0940 3040 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:06:12.0986 3040 volsnap - ok

20:06:13.0030 3040 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:06:13.0058 3040 vsmraid - ok

20:06:13.0175 3040 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:06:13.0305 3040 VSS - ok

20:06:13.0456 3040 VST64HWBS2 (93132c69394a99d992095d8cfe464801) C:\Windows\system32\DRIVERS\VSTBS26.SYS

20:06:13.0511 3040 VST64HWBS2 - ok

20:06:13.0623 3040 VST64_DPV (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS

20:06:13.0842 3040 VST64_DPV - ok

20:06:13.0967 3040 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

20:06:14.0018 3040 vwifibus - ok

20:06:14.0090 3040 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:06:14.0159 3040 W32Time - ok

20:06:14.0208 3040 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:06:14.0250 3040 WacomPen - ok

20:06:14.0318 3040 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:06:14.0395 3040 WANARP - ok

20:06:14.0419 3040 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:06:14.0472 3040 Wanarpv6 - ok

20:06:14.0578 3040 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:06:14.0657 3040 WatAdminSvc - ok

20:06:14.0898 3040 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:06:14.0998 3040 wbengine - ok

20:06:15.0108 3040 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:06:15.0154 3040 WbioSrvc - ok

20:06:15.0210 3040 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:06:15.0272 3040 wcncsvc - ok

20:06:15.0318 3040 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:06:15.0355 3040 WcsPlugInService - ok

20:06:15.0417 3040 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:06:15.0432 3040 Wd - ok

20:06:15.0489 3040 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:06:15.0529 3040 Wdf01000 - ok

20:06:15.0564 3040 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:06:15.0814 3040 WdiServiceHost - ok

20:06:15.0830 3040 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:06:15.0867 3040 WdiSystemHost - ok

20:06:15.0921 3040 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:06:15.0984 3040 WebClient - ok

20:06:16.0039 3040 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:06:16.0119 3040 Wecsvc - ok

20:06:16.0171 3040 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:06:16.0248 3040 wercplsupport - ok

20:06:16.0295 3040 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:06:16.0353 3040 WerSvc - ok

20:06:16.0433 3040 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:06:16.0494 3040 WfpLwf - ok

20:06:16.0529 3040 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:06:16.0543 3040 WIMMount - ok

20:06:16.0614 3040 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys

20:06:16.0819 3040 winachsf - ok

20:06:16.0885 3040 WinDefend - ok

20:06:16.0919 3040 WinHttpAutoProxySvc - ok

20:06:17.0003 3040 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:06:17.0083 3040 Winmgmt - ok

20:06:17.0224 3040 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:06:17.0353 3040 WinRM - ok

20:06:17.0533 3040 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

20:06:17.0577 3040 WinUSB - ok

20:06:17.0652 3040 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:06:17.0861 3040 Wlansvc - ok

20:06:17.0903 3040 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:06:17.0947 3040 WmiAcpi - ok

20:06:18.0036 3040 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:06:18.0121 3040 wmiApSrv - ok

20:06:18.0192 3040 WMPNetworkSvc - ok

20:06:18.0324 3040 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) C:\Program Files\Zune\WMZuneComm.exe

20:06:18.0357 3040 WMZuneComm - ok

20:06:18.0405 3040 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:06:18.0443 3040 WPCSvc - ok

20:06:18.0489 3040 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:06:18.0544 3040 WPDBusEnum - ok

20:06:18.0584 3040 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:06:18.0655 3040 ws2ifsl - ok

20:06:18.0827 3040 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

20:06:18.0881 3040 wscsvc - ok

20:06:18.0900 3040 WSearch - ok

20:06:19.0042 3040 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

20:06:19.0183 3040 wuauserv - ok

20:06:19.0333 3040 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:06:19.0423 3040 WudfPf - ok

20:06:19.0481 3040 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:06:19.0549 3040 WUDFRd - ok

20:06:19.0601 3040 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:06:19.0656 3040 wudfsvc - ok

20:06:19.0828 3040 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:06:19.0890 3040 WwanSvc - ok

20:06:19.0934 3040 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys

20:06:19.0970 3040 XAudio - ok

20:06:20.0473 3040 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe

20:06:20.0951 3040 ZuneNetworkSvc - ok

20:06:21.0105 3040 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe

20:06:21.0158 3040 ZuneWlanCfgSvc - ok

20:06:21.0216 3040 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

20:06:21.0304 3040 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:06:21.0304 3040 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:06:21.0319 3040 Boot (0x1200) (e376c8c4ab5392a4ccea97eea69739cf) \Device\Harddisk0\DR0\Partition0

20:06:21.0321 3040 \Device\Harddisk0\DR0\Partition0 - ok

20:06:21.0364 3040 Boot (0x1200) (e15b387fcd9cf3b3c1ddd29343943c59) \Device\Harddisk0\DR0\Partition1

20:06:21.0365 3040 \Device\Harddisk0\DR0\Partition1 - ok

20:06:21.0371 3040 ============================================================

20:06:21.0371 3040 Scan finished

20:06:21.0371 3040 ============================================================

20:06:21.0397 1520 Detected object count: 2

20:06:21.0397 1520 Actual detected object count: 2

20:12:20.0863 1520 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:20.0863 1520 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:20.0920 1520 \Device\Harddisk0\DR0\TDLFS\cfg.ini - copied to quarantine

20:12:20.0922 1520 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

20:12:20.0923 1520 \Device\Harddisk0\DR0\TDLFS\bckfg.tmp - copied to quarantine

20:12:20.0932 1520 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

20:12:20.0934 1520 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

20:12:20.0937 1520 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

20:12:20.0940 1520 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

20:12:20.0950 1520 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

20:12:20.0956 1520 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

20:12:20.0963 1520 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

20:12:20.0992 1520 \Device\Harddisk0\DR0\TDLFS\sspr - copied to quarantine

20:12:20.0997 1520 \Device\Harddisk0\DR0\TDLFS\r.dll - copied to quarantine

20:12:20.0998 1520 \Device\Harddisk0\DR0\TDLFS - deleted

20:12:20.0998 1520 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete

20:13:26.0388 0384 Deinitialize success


TDSSKiller took out the rootkit.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Thank You MrCharlie:

Here's the ComboFix log:

ComboFix 12-04-24.05 - Scott 04/24/2012 20:44:17.1.1 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1471.904 [GMT -5:00]

Running from: c:\users\Scott\Desktop\ComboFix.exe

AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

FW: AVG Firewall *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}

SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\p64mlj5p.default\weave\toFetch

D:\Autorun.inf

.

.

((((((((((((((((((((((((( Files Created from 2012-03-25 to 2012-04-25 )))))))))))))))))))))))))))))))

.

.

2012-04-25 01:12 . 2012-04-25 01:12 -------- d-----w- C:\TDSSKiller_Quarantine

2012-04-21 12:55 . 2012-04-21 12:55 -------- d-----w- c:\users\Scott\AppData\Local\ElevatedDiagnostics

2012-04-15 09:50 . 2012-04-15 09:50 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-12 08:36 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-12 08:36 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-04-12 08:36 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-04-12 08:35 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 08:35 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 08:35 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 08:35 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 08:35 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 08:35 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 08:35 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-11 13:24 . 2012-04-11 13:24 -------- d-----w- c:\users\Scott\AppData\Local\Apps

2012-04-11 13:21 . 2012-04-11 13:21 -------- d-----w- c:\users\Scott\AppData\Roaming\FastStone

2012-04-11 13:20 . 2012-04-11 13:20 -------- d-----w- c:\program files (x86)\FastStone Image Viewer

2012-03-31 08:21 . 2012-03-31 08:21 -------- d-----w- c:\users\Sherry

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-15 09:50 . 2011-11-24 16:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-04 20:56 . 2011-11-26 22:23 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-02-20 15:16 . 2011-11-26 22:48 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-02-17 06:38 . 2012-03-14 10:48 1112064 ----a-w- c:\windows\system32\rdpcorets.dll

2012-02-17 06:38 . 2012-03-14 10:48 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-14 10:48 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-14 10:48 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-14 10:48 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-16 11:53 . 2012-02-16 11:53 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-02-16 11:53 . 2012-02-16 11:53 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-02-16 11:53 . 2012-02-16 11:53 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-02-16 11:53 . 2012-02-16 11:53 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-02-10 06:36 . 2012-03-14 10:49 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-14 10:49 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-14 10:49 3145728 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Nero PhotoShow Media Manager"="c:\progra~2\Nero\NERO7~1\NEROPH~2\data\Xtras\mssysmgr.exe" [2006-05-10 249856]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 253088]

R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 VST64_DPV;VST64_DPV;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]

R3 VST64HWBS2;VST64HWBS2;c:\windows\system32\DRIVERS\VSTBS26.SYS [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]

S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]

S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]

S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]

S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 09:50]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.0.1 205.171.3.25

FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\p64mlj5p.default\

FF - prefs.js: browser.search.selectedEngine - Startpage HTTPS

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3651193171-666663103-883258570-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

.

**************************************************************************

.

Completion time: 2012-04-24 21:00:18 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-25 02:00

.

Pre-Run: 82,605,613,056 bytes free

Post-Run: 82,093,047,808 bytes free

.

- - End Of File - - DFE73CBBE08175BDEAEBAD9FA57DC605

Link to post
Share on other sites

Click on the link that pertains to your country and see if it comes up:

DNS Resolution = GREEN

http://www.dns-ok.us/ <--------for USA

http://www.dcwg.org/detect/ <---other countries

--------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC

Link to post
Share on other sites

MBAM quick scan log:

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.25.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Scott :: SCOTT-PC [administrator]

Protection: Enabled

4/25/2012 9:37:35 AM

mbam-log-2012-04-25 (09-37-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216629

Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Thank you for your assistance. :D

Link to post
Share on other sites

Yes you can and.......

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

I too just started getting this exact same pop-up that says "Authentication Requested". It asks for a user name and password. It says the request is coming from "AxView". I always close the window but it keeps coming back. Have run multiple scans with Webroot with no detections. Can you help me? My operating system is Windows XP.

Thank you,

Link to post
Share on other sites

It turns out that I still have this problem. After all the help I received on this forum, and all the scans and logs, the pop-up returned an hour after I finished. :angry2:

I am trying a couple of different rootkit removal programs. If I have any success or learn anything else about this problem, I'll post back here to let everyone know.

If anyone else has any info about these pop-ups I would love to hear from you.

Thank You

PB68 :blink:

Link to post
Share on other sites

You have to remember something, today's malware is very sophisticated and stealthy. It takes time and patience, plus we may have to run many scans to find the culprit......that's the way it is today. Just look at some of the resolved logs, you'll see what it takes.

------------------------------------------

Let's run TDSSKiller again, because that's the program that found the infection before, please make sure you have downloaded a fresh copy:

Please make sure system restore is running and create a new restore point before continuing.

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

Here is the latest TDSSKiller log: (Only one Unsigned file found)

04:14:34.0816 2844 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

04:14:36.0826 2844 ============================================================

04:14:36.0826 2844 Current date / time: 2012/04/28 04:14:36.0826

04:14:36.0826 2844 SystemInfo:

04:14:36.0826 2844

04:14:36.0826 2844 OS Version: 6.1.7601 ServicePack: 1.0

04:14:36.0826 2844 Product type: Workstation

04:14:36.0826 2844 ComputerName: SCOTT-PC

04:14:36.0831 2844 UserName: Scott

04:14:36.0831 2844 Windows directory: C:\Windows

04:14:36.0831 2844 System windows directory: C:\Windows

04:14:36.0831 2844 Running under WOW64

04:14:36.0831 2844 Processor architecture: Intel x64

04:14:36.0831 2844 Number of processors: 1

04:14:36.0831 2844 Page size: 0x1000

04:14:36.0831 2844 Boot type: Normal boot

04:14:36.0831 2844 ============================================================

04:14:38.0898 2844 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3C91, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

04:14:38.0982 2844 ============================================================

04:14:38.0982 2844 \Device\Harddisk0\DR0:

04:14:38.0990 2844 MBR partitions:

04:14:38.0990 2844 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xCF2A6B1

04:14:38.0990 2844 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0xCF2E200, BlocksNum 0x1065210

04:14:38.0990 2844 ============================================================

04:14:39.0010 2844 C: <-> \Device\Harddisk0\DR0\Partition0

04:14:39.0038 2844 D: <-> \Device\Harddisk0\DR0\Partition1

04:14:39.0079 2844 ============================================================

04:14:39.0080 2844 Initialize success

04:14:39.0080 2844 ============================================================

04:15:31.0098 1268 ============================================================

04:15:31.0098 1268 Scan started

04:15:31.0098 1268 Mode: Manual; SigCheck; TDLFS;

04:15:31.0098 1268 ============================================================


04:15:59.0050 1268 MBAMService - ok

04:15:59.0095 1268 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

04:15:59.0135 1268 Mcx2Svc - ok

04:15:59.0352 1268 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys

04:15:59.0410 1268 mdmxsdk - ok

04:15:59.0445 1268 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

04:15:59.0473 1268 megasas - ok

04:15:59.0529 1268 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

04:15:59.0556 1268 MegaSR - ok

04:15:59.0618 1268 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

04:15:59.0677 1268 MMCSS - ok

04:15:59.0708 1268 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

04:15:59.0767 1268 Modem - ok

04:15:59.0825 1268 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

04:15:59.0865 1268 monitor - ok

04:15:59.0920 1268 motmodem (060f0ef84f430802df3788f3dcfd009c) C:\Windows\system32\DRIVERS\motmodem.sys

04:15:59.0978 1268 motmodem - ok

04:16:00.0099 1268 MotoHelper (98a10ac4257a3ba48c9611338544ee49) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

04:16:00.0154 1268 MotoHelper - ok

04:16:00.0375 1268 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

04:16:00.0391 1268 mouclass - ok

04:16:00.0448 1268 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

04:16:00.0483 1268 mouhid - ok

04:16:00.0534 1268 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

04:16:00.0560 1268 mountmgr - ok

04:16:00.0614 1268 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

04:16:00.0673 1268 mpio - ok

04:16:00.0725 1268 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

04:16:00.0784 1268 mpsdrv - ok

04:16:00.0869 1268 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

04:16:00.0958 1268 MpsSvc - ok

04:16:01.0016 1268 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

04:16:01.0077 1268 MRxDAV - ok

04:16:01.0127 1268 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

04:16:01.0354 1268 mrxsmb - ok

04:16:01.0404 1268 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

04:16:01.0468 1268 mrxsmb10 - ok

04:16:01.0509 1268 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

04:16:01.0539 1268 mrxsmb20 - ok

04:16:01.0587 1268 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

04:16:01.0619 1268 msahci - ok

04:16:01.0668 1268 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

04:16:01.0694 1268 msdsm - ok

04:16:01.0735 1268 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

04:16:01.0780 1268 MSDTC - ok

04:16:01.0841 1268 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

04:16:01.0885 1268 Msfs - ok

04:16:01.0934 1268 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

04:16:01.0992 1268 mshidkmdf - ok

04:16:02.0027 1268 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

04:16:02.0044 1268 msisadrv - ok

04:16:02.0117 1268 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

04:16:02.0367 1268 MSiSCSI - ok

04:16:02.0384 1268 msiserver - ok

04:16:02.0432 1268 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

04:16:02.0492 1268 MSKSSRV - ok

04:16:02.0541 1268 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

04:16:02.0594 1268 MSPCLOCK - ok

04:16:02.0632 1268 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

04:16:02.0684 1268 MSPQM - ok

04:16:02.0736 1268 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

04:16:02.0808 1268 MsRPC - ok

04:16:02.0867 1268 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

04:16:02.0881 1268 mssmbios - ok

04:16:02.0964 1268 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

04:16:03.0028 1268 MSTEE - ok

04:16:03.0055 1268 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

04:16:03.0084 1268 MTConfig - ok

04:16:03.0129 1268 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

04:16:03.0145 1268 Mup - ok

04:16:03.0387 1268 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

04:16:03.0469 1268 napagent - ok

04:16:03.0531 1268 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

04:16:03.0582 1268 NativeWifiP - ok

04:16:03.0753 1268 NBService (2637f26312ecceeb6f110e95f1ece243) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

04:16:04.0070 1268 NBService ( UnsignedFile.Multi.Generic ) - warning

04:16:04.0070 1268 NBService - detected UnsignedFile.Multi.Generic (1)


04:16:36.0625 1268 WMZuneComm - ok

04:16:36.0675 1268 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

04:16:36.0713 1268 WPCSvc - ok

04:16:36.0760 1268 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

04:16:36.0819 1268 WPDBusEnum - ok

04:16:36.0865 1268 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

04:16:36.0929 1268 ws2ifsl - ok

04:16:36.0970 1268 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

04:16:37.0028 1268 wscsvc - ok

04:16:37.0042 1268 WSearch - ok

04:16:37.0369 1268 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

04:16:37.0536 1268 wuauserv - ok

04:16:37.0662 1268 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

04:16:37.0724 1268 WudfPf - ok

04:16:37.0785 1268 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

04:16:37.0844 1268 WUDFRd - ok

04:16:37.0897 1268 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

04:16:37.0946 1268 wudfsvc - ok

04:16:37.0999 1268 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

04:16:38.0053 1268 WwanSvc - ok

04:16:38.0098 1268 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys

04:16:38.0136 1268 XAudio - ok

04:16:38.0787 1268 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) C:\Program Files\Zune\ZuneNss.exe

04:16:39.0125 1268 ZuneNetworkSvc - ok

04:16:39.0418 1268 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) C:\Program Files\Zune\ZuneWlanCfgSvc.exe

04:16:39.0454 1268 ZuneWlanCfgSvc - ok

04:16:39.0512 1268 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

04:16:39.0637 1268 \Device\Harddisk0\DR0 - ok

04:16:39.0667 1268 Boot (0x1200) (e376c8c4ab5392a4ccea97eea69739cf) \Device\Harddisk0\DR0\Partition0

04:16:39.0668 1268 \Device\Harddisk0\DR0\Partition0 - ok

04:16:39.0718 1268 Boot (0x1200) (07a77afee5dcb272c2e01dd6548c5938) \Device\Harddisk0\DR0\Partition1

04:16:39.0719 1268 \Device\Harddisk0\DR0\Partition1 - ok

04:16:39.0725 1268 ============================================================

04:16:39.0725 1268 Scan finished

04:16:39.0725 1268 ============================================================

04:16:39.0751 3944 Detected object count: 1

04:16:39.0751 3944 Actual detected object count: 1

04:18:38.0917 3944 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

04:18:38.0917 3944 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

04:19:52.0035 1132 Deinitialize success


Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Please include the C:\ComboFix.txt in your next reply for further review.

Note:

If you get the message "Illegal operation attempted on registry key that has been marked for deletion." after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Here is the ComboFix log:


Seems a lot of people have this problem. Does any of this sound familiar:

world wide web cam gadget from iGoogle

I appear to have found the culprit in my case. It was the world wide web cam gadget from iGoogle. Now I'll just keep my fingers crossed that that's the solution.

"It is probably being caused by the worldwide webcam gadget on Google home page when it tries to access a webcam running on the servers at Texas A&M. This pop-up sign-in is required if they have set those security features in the web-cam software that the gadget is trying to access. I was getting this for the past four days and now it seems to have stopped - maybe they fixed it. If it continues, I would try removing the worldwide webcam feature from your personalized Google home webpage."

-------------------------

Please do this also:

Click on the link that pertains to your country and see if it comes up:

DNS Resolution = GREEN

http://www.dns-ok.us/ <--------for USA

http://www.dcwg.org/detect/ <---other countries

MrC


This topic is now closed to further replies.